CS5032 L19 cybersecurity 1



  1. Cybersecurity 1
     Introduction to cybersecurity, 2013
  2. What is cybersecurity?
     • A wide-ranging term that embraces all aspects of ensuring the protection of citizens, businesses and critical infrastructures from threats that arise from their use of computers and the internet.
  3. Scope of cybersecurity
     • Techniques of threat and attack analysis and mitigation
     • Protection and recovery technologies, processes and procedures for individuals, business and government
     • Policies, laws and regulation relevant to the use of computers and the Internet
  4. A systems problem
     • Related to, but broader in scope than:
       – Computer security
       – Security engineering
       – Encryption
       – Computer crime
       – Computer forensics
     • Cybersecurity is a socio-technical systems problem
     • Problems almost always stem from a mix of technical, human and organisational causes
  5. Malicious and accidental damage
     • Cybersecurity is most concerned with
       – Cyber attacks
       – Malicious attempts to cause loss or damage to an individual, business or public body
     • But it should also be concerned with
       – Cyber-accidents
       – Accidental events that can cause loss or damage to an individual, business or public body
     Many of the same technologies are applicable, although sometimes protecting against cyber attacks increases the probability of cyber accidents.
  6. Insider and external attacks
     • Insider attacks
       – Attacks on an organisation carried out by someone who is inside that organisation
       – Difficult to counter using technical methods as the insider may have valid credentials to access the system
     • External attacks
       – Attacks on an organisation carried out by an external agent
       – Require either valid credentials or the exploitation of some vulnerability to gain access to the systems
  8. Classes of cyber attack
     • Cyber fraud
       – Cyber attacks that are generally aimed at gaining monetary or related gains for the perpetrator.
     • Cyber-spying
       – Cyber attacks aimed at gaining information for the perpetrator. Related to cyber-fraud in that one aim of cyber-spying may be to sell the information gained.
     • Cyber-stalking, cyber-bullying etc.
       – Cyber attacks which are designed to intimidate individuals rather than businesses or government
  9. Classes of cyber attack
     • Cyber assault
       – Cyber-attacks aimed at causing damage to information or equipment that is being attacked. Again, related to cyber fraud in that some attacks such as DDOS attacks may be precursors to attempts to extort money from those affected by the attacks.
       – Damage may be physical damage to equipment, reputational damage, psychological damage to individuals (cyber bullying or cyber stalking) or damage to information.
     • Cyber warfare
       – An extreme form of cyber-assault where at least one of the parties involved is a nation state.
  10. Cyber-fraud
     • Phishing attacks combined with fake websites to steal users’ personal details and, with these, steal money from their accounts
       – Fraudsters set up a fake website that looks like a bank website
       – Emails are sent to large numbers of recipients with a link to this site and a message trying to lure them to log on
       – If they click on the link, their personal details are collected and then used by the fraudster to access their legitimate site
  12. Cyber-spying
  14. Cyber-bullying
  16. Cyber-assault
  17. Cyber warfare attacks
     • These are much harder to validate as, for obvious reasons, neither the perpetrator nor the victim wishes to release information
     • Denial of service attacks
       – Government and critical infrastructure sites attacked by DoS attacks with a view to taking them offline
     • Malware
       – Malware introduced to target and damage government and infrastructure facilities
  19. The scale of the problem
     • It’s a big problem
     • How big? We really do not know
     • Many surveys on costs but very wide variations and different methodologies
     • Differing estimates:
       – Cybercrime in Scotland from £31 billion to £168 million
     • Industry reluctant to release figures but when they do, they tend to overvalue assets
  20. Why has this problem arisen?
     • Connection of computers to the internet can cut costs, improve the efficiency and responsiveness of business processes and open up new opportunities for interaction. Therefore business has focused on connectivity rather than security
     • Security is inconvenient and slows down transactions. Businesses have decided to prioritise convenience and usability over security.
     • There are inherent security weaknesses in the design of the Internet
  21. Internet vulnerabilities
     • The Internet was invented in the 1970s as a network between organisations that were trustworthy and which trusted each other
     • Information maintained was largely non-commercial
     • Security was not a factor in the design of internet protocols, practices and equipment
     • These protocols made it easy for the Internet to be universally adopted in the 1990s but mean that we have to live with weak security.
  22. Internet vulnerability examples
     • Unencrypted traffic
       – Packets can be intercepted and examined by an attacker
     • DNS system
       – Possible to divert traffic from legitimate to malicious addresses
       – Easy to hide where traffic has come from
     • Mail protocol
       – No charging mechanism for mail
       – Hence spam is possible
  23. Risk classification
     • Risks due to actions of people
     • Risks due to hardware or software
     • Risks due to organisational processes
     • There are also
       – Risks due to external events such as weather, infrastructure failure, regulatory changes.
       – But these are more difficult to anticipate and control
  24. Actions of people
     • Deliberate or accidental exposure of legitimate credentials to attackers
     • Failure to maintain secure personal computers and devices
     • Insider corruption or theft of data
     • Preference for convenience and usability over security
       – Weak passwords set because they are easy to remember and quick to type
  25. Hardware and software
     • Misconfigured firewalls and mail filters
     • Programming errors and omissions in software lead to malicious penetration
       – Buffer overflow attacks
       – SQL poisoning attacks
     • Inadequate server or router capacity leads to failure in the event of DoS attack
  26. Organisational processes
     • No established process and checks for updating and patching software
     • Lack of security auditing
     • Lack of systematic backup processes
  27. Key points
     • Cybersecurity is concerned with all aspects of ensuring the protection of citizens, businesses and critical infrastructures from threats that arise from their use of computers and the internet.
     • Cybersecurity is a socio-technical systems problem
     • Cybersecurity covers cyber-fraud, cyber-spying, cyber-bullying, cyber-assault and cyber-warfare
     • Cyber attacks are a major cost for business, government and individuals. But quantifying this cost is difficult.